What is GHSA-7rrw-cv3r-3cgg?

GHSA-7rrw-cv3r-3cgg is a security advisory published by GitHub Security Advisories with Low severity. OpenSC before 0.27.0-rc1, fixed in commit 3f24f0b, contains a stack buffer overflow vulnerability...

Which CVE IDs does GHSA-7rrw-cv3r-3cgg cover?

GHSA-7rrw-cv3r-3cgg covers the following CVE IDs: CVE-2026-40510. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-7rrw-cv3r-3cgg?

GHSA-7rrw-cv3r-3cgg has a CVSS v3 base score of 3.8, published by GitHub Security Advisories.

GHSA-7rrw-cv3r-3cggLowCVSS 3.8

OpenSC before 0.27.0-rc1, fixed in commit 3f24f0b, contains a stack buffer overflow vulnerability...

Vendor

GitHub Security Advisories

Published

May 29, 2026

Last Modified

May 29, 2026

🔗 CVE IDs covered (1)

CVE-2026-40510 →

📋 Description

OpenSC before 0.27.0-rc1, fixed in commit 3f24f0b, contains a stack buffer overflow vulnerability in piv_process_history() in src/libopensc/card-piv.c that allows physically present attackers to trigger memory corruption by presenting a crafted PIV smart card or USB device returning a URL field longer than 118 bytes in the Key History Object ASN.1 response.

🔗 References (5)

https://nvd.nist.gov/vuln/detail/CVE-2026-40510
https://github.com/OpenSC/OpenSC/pull/3558
https://github.com/OpenSC/OpenSC/commit/3f24f0b48a481a8cf2e46059d8238a283ddc1c13
https://www.vulncheck.com/advisories/opensc-stack-buffer-overflow-via-piv-process-history-in-card-piv-c
https://github.com/advisories/GHSA-7rrw-cv3r-3cgg